Antigen found =*.exe file

Karl Anderson kra@monkey.org
28 Oct 2001 20:24:48 -0800


"Aaron Blosser" <ablosser@virtuoso.com> writes:

> Did that message look like spam?

It was an unsolicited forgery sent to the fork@xent.com mailing list.

> I have no idea where the message came
> from except that it looked like someone sent an email to someone on our
> system that contained an EXE, and the failure message bounced back to
> the list.

An autoresponder is not a bounce.  An autoresponder that claims to be
from antigen@xent.com, when in fact it comes from virtuoso.com, is not
sending bounce messages, it is being annoying.  I admit that I am not
up to date on bounce message standards - all I know is that Mailman is
very good at finding bounce messages, including those that conform to
RFC 1894, and that message doesn't trigger its bounce detection.

> I assume that if someone were going to go to all the trouble of forging
> some headers, they'd do something far more interesting than send out a
> message indicating an EXE had been removed from an email.

This appears to be a problem of stupid software, not a stupid human
problem.  I don't need to know why the software goes to the trouble to
forge its mail.  All I need to know is that you're the postmaster at
the site it's originating from, and you admit that you don't have a
clue about where it comes from.

> I still say it's the list's job to block emails from unsubscribed
> people, so if an automated bounce made it to the list, that's the list's
> problem.  I'd be more than happy to block ANY email coming from whatever
> list this is if you'd just give me the email address of that list (I
> don't even know if I'm replying to a list or not).

fork@xent.com, be my guest.

-- 
Karl Anderson      kra@monkey.org           http://www.monkey.org/~kra/